The mission critical user identity is also known as the MC ID. The MC ID is the identity that an MC service user presents to the identity management server during a user authentication transaction. In general, since identity management is a common service it uses an identity which is linked to a set of credentials (e.g. biometrics, secureID, username/password) that may not necessarily be tied to a single mission critical service. The MC ID and the MC service ID may be the same. The MC ID uniquely identifies the MC service user to the identity management server. The MC ID is used by the identity management server to provide the identity management client a means for mission critical service authentication.
The MC service user identity is also known as the MC service ID. The MC service ID is a globally unique identifier within the MC service that represents the MC service user. The MC service ID identifies an MC service user. The MC service ID may also identify one or more MC service user profiles for the user at the application layer.
There are attributes associated with the MC service ID configured in the MC service that relate to the human user of the MC service. Typically, this information identifies the MC service user, by name or role, may also identify a user's organization or agency, and may also identify MC service user's service subscription to one or more MC services. Such attributes associated with an MC service ID can be used by the MC service server to make authorization decisions about the MC service granted to the user. For example, if the MC service user is subscribed to MCPTT service, an attribute that identifies a user's role as an incident commander could automatically be used by the MCPTT service to grant the user additional administrative rights over the creation of groups, or access to privileged talk groups.
The MC service ID shall be a URI. The MC service ID uniquely identifies an MC service user in an MC system. The MC service ID indicates the MC system where the MC service ID is defined.
When required by the MC service provider, the MC service ID is hidden from the signalling control plane.
A default or temporary MC service ID may be used where a user is not yet associated with a device. When a user would like to use one or more MC services but has not been authenticated by the identity management server, a default or temporary MC service ID and a corresponding MC service user profile may be used.
For the purposes of this document, an MC service administrator, MC service dispatcher, or MC service authorized user is an MC service user that has been granted special privileges within the context of the client function being performed (e.g. MC service client, group management client, configuration management client, key management client). For example, the MC service ID of a group management client of an MC service administrator can be authorized within the group management server to create new groups and add members to groups (i.e. administrative function), but is not authorized to dynamically create group or user regroups (i.e. operational function). Alternatively, for example, the MC service ID of a dispatcher will typically be authorized to dynamically create group and user regroups, but is not authorized to create new groups or add/delete members to groups. The MC service authorization framework is defined in TS 33.180